Topics - NillaMilla

#1
Hello,

Any assistance would be greatly appreciated. I have been running versions 2.0.6 and 2.0.8 for a bit now and have enjoyed having the functionality of using the NetXMS agents on all of my Windows machines to parse these security logs. I have decided to experiment with the 2.1-M2 and M3 versions for their added functionality of the new <match> options (such as repeat count and intervals) in the parser files. With versions 2.0.6 or 2.0.8 x64 agents installed on Windows 7 and Server 2012 OSes, the agents had no problem filtering a flood of security events (dozen or so events) within a very short duration of time (seconds) with a match-all rule in place (.*). With the exact same agent config and securityparser.xml file in place for an x64 2.1-M2 or M3 agent on Windows 7 or Server 2012, the agent server will unexpectedly shut down every time there is a flood of events that meet the filtering rule.

Any help or information would be greatly appreciated. Is this a known issue? It is very repeatable when trying to parse a large number of events within a short period of time.

Thanks,

-Dan
#2
General Support / Log monitoring <match> options
March 28, 2017, 03:38:48 PM
Hello,

I am using a Windows security log parser file on my NetXMS agents. I am trying to trigger an event when the word "administrator" is found in the security log 3 times within 2 minutes, with the counts and interval resetting when reaching a count of 3. The below parsing file does not seem to work; it triggers an event for every new instance of the word "administrator" in the security log. I am using version 2.0.8.

<parser>
  <!-- This parser file is designed to parse the windows security log -->
  <file>*Security</file>
  <rules>
    <!-- New Rule - Rule is for catching the use of administrator local account -->
    <rule>
      <level>16</level>
      <match repeatCount="3" repeatInterval="120">(.*)administrator(.*)</match>
      <event params="2">100115</event>
    </rule>
    <!-- End Rule                                                          -->
  </rules>
</parser>

Any advice would be greatly appreciated!

-Dan
#3
Feature Requests / Agent to Server Encryption -SHA1
March 03, 2017, 06:21:38 PM
Hello,

Are there any plans to go to SHA256 encryption as an option for the server to agent communication? Recent information released from the Google Security Blog has indicated the discovery of some vulnerabilities in SHA1.

https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

Thanks,

-Dan
#4
Hello,

Is there a fine-grained way to control the actions that an agent will allow? I understand that there is an agent = enable or agent = disable configuration for the agent service, but I would like to enable specific actions and disable others. I would like to allow only agent restarts and disallow the restart system and shutdown system commands on the agent. I have disabled the restart system and shutdown system agent commands in the object tools section of the server, but am hoping there is fine-grained control of this function at the agent.

Thanks,

-Dan